The Gilbert and Sullivan Society takes our responsibilities to our members seriously. We do not share your personal information outside the society.
This includes how we comply with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003.
As part of our work, we have to obtain, store and use personal data of potential, currents, and past members, as well as committee members.
To help protect personal data, we:
- treat people’s personal information with integrity and confidentiality
- keep data secure
- report losses of data as soon as possible.
The people responsible for data of society members are the Membership Secretary, the Honorary Secretary, the Chairman and the Programme Secretary.
In line with GDPR, all the personal data we collect is
- processed lawfully, fairly and in a transparent manner
- collected only for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
- accurate and where necessary kept up to date
- not kept in a form which permits identification of data subjects for longer than necessary
- processed in a way that keeps it secure, using passwords and other ways to protect it from unauthorised processing, loss, destruction or damage
- not transferred to another country without appropriate safeguards being in place
- available to data subjects if they ask for it
- able to be changed or deleted if a data subject requests that.
We process personal data fairly and for the lawful bases set out by the GDPR:
- the person has given their consent
- we have to process the data to carry out a contract with the person (usually, to service their membership)
- to meet our legal compliance obligations
We are unlikely to use these lawful bases:
- the processing is necessary to protect the person's life;
- to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- to pursue our legitimate interests (or those of a third party) as long as these they are not overridden by the interests or fundamental rights and freedoms of the people whose data it is.
You can tell us at any time if you want us to stop using your personal data.
Our data controller is the Honorary Secretary.
We will ensure that the personal data we use and hold is accurate, complete, kept up to date and relevant.
We will destroy or correct inaccurate or out-of-date personal data.
We will only keep personal data for as long as we have to by law.
If we find out about a personal data breach, we will let the people involved know, and we will also tell the Information Commissioner's Office.
If we have your personal data on file, you have the right to
- withdraw consent to processing
- ask us how we are processing your data
- ask us to tell you what data we have
- tell us not to use your data for direct marketing
- ask us to erase your data, or to correct anything that is inaccurate data or incomplete. If you ask us not to contact you again, we will need to keep a small amount of information to make sure we honour that request.
- make a complaint to the Information Commissioner's Office
- ask us to transfer your data to a third party in a structured, commonly used and machine-readable format.
We will have to make sure we are talking to you if you ask us to do any of the above, so we will need to identify you carefully.